Google Git
Sign in
chromium / chromium / src / 2a172e455f7060e0786abd37de53a39e21aa5b5e / . / crypto / hmac_nss.cc
blob: e14282c916616ce1146dd8b2820f0d5226f5b482 [file] [log] [blame]
[email protected]3b63f8f42011-03-28 01:54:15[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]5#include "crypto/hmac.h"
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]6
7#include <nss.h>
8#include <pk11pub.h>
9
10#include "base/logging.h"
[email protected]3b63f8f42011-03-28 01:54:15[diff] [blame]11#include "base/memory/scoped_ptr.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]12#include "crypto/nss_util.h"
13#include "crypto/scoped_nss_types.h"
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]14
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]15namespace crypto {
[email protected]c1444fe2008-09-17 09:42:51[diff] [blame]16
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]17struct HMACPlatformData {
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]18 CK_MECHANISM_TYPE mechanism_;
[email protected]41c78fa2010-03-22 20:08:41[diff] [blame]19 ScopedPK11Slot slot_;
20 ScopedPK11SymKey sym_key_;
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]21};
22
[email protected]d91f8432009-05-05 23:55:59[diff] [blame]23HMAC::HMAC(HashAlgorithm hash_alg)
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]24 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]25 // Only SHA-1 and SHA-256 hash algorithms are supported.
26 switch (hash_alg_) {
27 case SHA1:
28 plat_->mechanism_ = CKM_SHA_1_HMAC;
29 break;
30 case SHA256:
31 plat_->mechanism_ = CKM_SHA256_HMAC;
32 break;
33 default:
34 NOTREACHED() << "Unsupported hash algorithm";
[email protected]db163f82010-04-02 21:01:35[diff] [blame]35 break;
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]36 }
[email protected]d91f8432009-05-05 23:55:59[diff] [blame]37}
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]38
[email protected]eae9c062011-01-11 00:50:59[diff] [blame]39HMAC::~HMAC() {
40}
41
[email protected]673266c42012-12-04 00:50:35[diff] [blame]42bool HMAC::Init(const unsigned char *key, size_t key_length) {
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]43 EnsureNSSInit();
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]44
[email protected]2f89e6a22009-07-22 18:34:14[diff] [blame]45 if (plat_->slot_.get()) {
[email protected]d91f8432009-05-05 23:55:59[diff] [blame]46 // Init must not be called more than twice on the same HMAC object.
47 NOTREACHED();
48 return false;
49 }
50
[email protected]f55d1b02011-10-23 21:52:07[diff] [blame]51 plat_->slot_.reset(PK11_GetInternalSlot());
[email protected]d91f8432009-05-05 23:55:59[diff] [blame]52 if (!plat_->slot_.get()) {
53 NOTREACHED();
54 return false;
55 }
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]56
57 SECItem key_item;
58 key_item.type = siBuffer;
59 key_item.data = const_cast<unsigned char*>(key); // NSS API isn't const.
60 key_item.len = key_length;
61
62 plat_->sym_key_.reset(PK11_ImportSymKey(plat_->slot_.get(),
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]63 plat_->mechanism_,
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]64 PK11_OriginUnwrap,
65 CKA_SIGN,
66 &key_item,
67 NULL));
[email protected]d91f8432009-05-05 23:55:59[diff] [blame]68 if (!plat_->sym_key_.get()) {
69 NOTREACHED();
70 return false;
71 }
72
73 return true;
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]74}
75
[email protected]c28986ee2011-06-06 22:00:11[diff] [blame]76bool HMAC::Sign(const base::StringPiece& data,
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]77 unsigned char* digest,
[email protected]673266c42012-12-04 00:50:35[diff] [blame]78 size_t digest_length) const {
[email protected]d91f8432009-05-05 23:55:59[diff] [blame]79 if (!plat_->sym_key_.get()) {
80 // Init has not been called before Sign.
81 NOTREACHED();
82 return false;
83 }
84
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]85 SECItem param = { siBuffer, NULL, 0 };
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]86 ScopedPK11Context context(PK11_CreateContextBySymKey(plat_->mechanism_,
[email protected]41c78fa2010-03-22 20:08:41[diff] [blame]87 CKA_SIGN,
88 plat_->sym_key_.get(),
89 &param));
[email protected]bc1e07c72008-09-16 14:32:44[diff] [blame]90 if (!context.get()) {
91 NOTREACHED();
92 return false;
93 }
94
95 if (PK11_DigestBegin(context.get()) != SECSuccess) {
96 NOTREACHED();
97 return false;
98 }
99
100 if (PK11_DigestOp(context.get(),
101 reinterpret_cast<const unsigned char*>(data.data()),
102 data.length()) != SECSuccess) {
103 NOTREACHED();
104 return false;
105 }
106
107 unsigned int len = 0;
108 if (PK11_DigestFinal(context.get(),
109 digest, &len, digest_length) != SECSuccess) {
110 NOTREACHED();
111 return false;
112 }
113
114 return true;
115}
116
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]117} // namespace crypto